Category: Business Logic

Some emergency-only functions can be called outside of an emergency state

Medium Severity
Medium Impact
High Likelihood

Description

The project contains six contracts that implement a sweep() function:

  • Batcher

  • Vault

  • ConvexTradeExecutor (derived from BaseTradeExecutor)

  • PerpTradeExecutor (derived from BaseTradeExecutor)

  • Harvester

  • PerpPositionHandlerL2

The sweep() functions in Batcher, Vault, ConvexTradeExecutor, and PerpTradeExecutor are documented as callable only in an emergency state.

Only the sweep() function in Vault implements emergency state checks. The sweep() functions in all other contracts do not.

Impact

The emergency-only sweep() functions in Batcher, ConvexTradeExecutor and PerpTradeExecutor can be called outside of an emergency state.

The sweep() functions in Harvester and PerpPositionHandlerL2 can also be called outside of an emergency state, but they are not documented as callable only in an emergency state.

Recommendations

Consider

  • adding emergency state checks to the sweep() functions of the Batcher, ConvexTradeExecutor, and PerpTradeExecutor contracts.

  • adding emergency state checks to the sweep() function of the Harvester contract and documenting it accordingly.

  • adding an emergency state variable to the PerpPositionHandlerL2 contract, adding emergency state checks to the sweep() function of the PerpPositionHandlerL2 contract, and documenting this accordingly.
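As an added illustration, not code from the Brahma project, the pattern the recommendations describe: a sweep() that is documented as emergency-only but only checks the caller, beside one that also enforces the emergency state on-chain. The contract name and the emergencyMode, setEmergencyMode, onlyGovernance, and onlyEmergency identifiers are assumptions, not the project's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Illustrative contract; names and the emergency flag are assumptions.
contract EmergencySweepExample {
    address public governance;
    // Emergency flag. The finding is that several contracts either skip this
    // check or, in the PerpPositionHandlerL2 case, lack the variable entirely.
    bool public emergencyMode;

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Reverts whenever the contract is not in an emergency state.
    modifier onlyEmergency() {
        require(emergencyMode, "not in emergency state");
        _;
    }

    constructor() {
        governance = msg.sender;
    }

    function setEmergencyMode(bool enabled) external onlyGovernance {
        emergencyMode = enabled;
    }

    // Before: documented as emergency-only, but nothing enforces it, so
    // governance can drain the contract's token balance at any time.
    function sweepUnchecked(address token) external onlyGovernance {
        uint256 amount = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transfer(governance, amount), "transfer failed");
    }

    // After: the documented restriction is checked on-chain; the call
    // reverts unless emergencyMode has been set.
    function sweep(address token) external onlyGovernance onlyEmergency {
        uint256 amount = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transfer(governance, amount), "transfer failed");
    }
}
```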

Remediation

The issue has been acknowledged by the Brahma team.

Zellic © 2024